
How To Regain Access to the Windows Registry Editor

Some malware will disable access to the Registry editor. To prevent access to the Registry, malware generally does one of the following:

  • Makes changes to the shell open command;
  • Changes system policies (i.e. group policy editor);
  • Drops a bogus regedit.com file.

Depending on the method used, this might result in one of the following symptoms:

  • The registry appears to open but then quickly closes, or
  • You receive the error: "Registry editing has been disabled by your administrator".

To regain access to the Registry, try the following:

Difficulty: Average
Time Required: Variable; 5 minutes to an hour
Here's How:
  1. Note: the following tips assume a decent level of knowledge and experience with the Windows System Registry. If you are inexperienced with using the Windows System Registry or you need a refresher, consult the Windows System Registry Tutorial before continuing.
  2. First, make sure you have enabled "View Hidden Files and Folders".
  3. Download Symantec's free UnHookExec.inf. Also see: General Description of UnHookExec | Changes Made by UnhookExec
  4. Boot into Safe Mode and attempt to access regedit from there.
  5. If you still cannot access the Registry Editor, right-click the downloaded UnHookExec.inf and select Install. This free tool will correct unwanted modifications to the shell open command, and it will correct changes to system policy that may be preventing access to the Registry Editor. This tool runs silently - no messages will appear. After running it, attempt to access the Registry.
  6. If the registry appears to open but then quickly closes, it is likely that the malware has added a bogus regedit.com file to the system. The system will try to load regedit.com first, instead of regedit.exe. To resolve this, try each of the following steps in order until the problem is resolved:
  7. Search for and rename the bogus regedit.com file and see if the valid regedit.exe will now open.
  8. You can also copy the legitimate regedit.exe to another folder and try to run it from the new location.
  9. If none of these steps work, boot from a BART PE Recovery CD and open the Registry from there.
  10. Once you've regained access to the Windows System Registry, you will need to identify and remove the malware that is preventing access. See AutoStart Entry Points for a list of common load points in the Windows System Registry.
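
To see which of the three methods is in play before applying a fix, the checks can be scripted. The following is an added example, not part of the original article or of Symantec's tool: a read-only PowerShell script that inspects the shell open commands, the DisableRegistryTools policy value, and the search path for a regedit.com file. It assumes PowerShell 3.0 or later can be started on the affected machine; the function names are made up for this example.

```powershell
# Added example: read-only checks, nothing is modified. Requires PowerShell 3.0+.
function New-Finding($Check, $Value, $Suspect) {
    [pscustomobject]@{ Check = $Check; Value = $Value; Suspect = $Suspect }
}

function Test-ShellOpenCommand {
    # Stock Windows default for these file classes is: "%1" %*
    $expected = '"%1" %*'
    foreach ($class in 'exefile', 'comfile', 'batfile', 'piffile') {
        $key = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\$class\shell\open\command" -ErrorAction SilentlyContinue
        $actual = if ($key) { $key.GetValue('') } else { $null }
        # A missing key is flagged too, since it is not the stock state.
        New-Finding "shell open command ($class)" $actual ($actual -ne $expected)
    }
}

function Test-RegistryToolsPolicy {
    # A non-zero DisableRegistryTools value produces the
    # "Registry editing has been disabled by your administrator" error.
    # The policy is per-user (HKCU); HKLM is checked too in case it was written there.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\System"
        $value = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).DisableRegistryTools
        New-Finding "DisableRegistryTools ($hive)" $value ($null -ne $value -and $value -ne 0)
    }
}

function Find-BogusRegedit {
    # The real editor is regedit.exe; .com is tried before .exe,
    # so a regedit.com in any searched folder runs instead.
    $dirs = @($env:SystemRoot, "$env:SystemRoot\System32") + ($env:Path -split ';') |
        Where-Object { $_ } | ForEach-Object { $_.Trim('"') } | Sort-Object -Unique
    foreach ($dir in $dirs) {
        $file = Get-Item -LiteralPath "$dir\regedit.com" -Force -ErrorAction SilentlyContinue
        if ($file) { New-Finding 'regedit.com present' $file.FullName $true }
    }
}

# Run all three checks and show one table; Suspect = True marks a deviation.
& { Test-ShellOpenCommand; Test-RegistryToolsPolicy; Find-BogusRegedit } |
    Format-Table -AutoSize -Wrap
```

A row with Suspect = True for a shell open command or for DisableRegistryTools points to step 5; a "regedit.com present" row points to steps 6 through 8.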

©2014 About.com. All rights reserved.